Blockchain-Based IoT Architecture: Enhancing Security and Scalability

Blockchain-Based IoT Architecture

Chen Shipeng (1,2), Chen Bin (1,2), Dai Mingjun (1,2), Wang Hui (1,2)

1 Shenzhen University Blockchain Technology Research Center, Guangdong Shenzhen 518060

2 Shenzhen University School of Electronics and Information Engineering, Guangdong Shenzhen 518060

Abstract:

To address the low compatibility and weak attack resistance issues in the device identity authentication process of centralized IoT platforms, a distributed IoT device identity authentication architecture based on blockchain is proposed. Digital identities and other information are stored in a novel block data structure, and a distributed IoT device identity authentication mechanism is proposed based on cryptographic knowledge. A detailed process for issuing device digital certificates and identity authentication is designed. Security analysis of the proposed mechanism is conducted from aspects such as power constraints among entities, privacy protection of devices, and resistance to attacks, and a comparative analysis of security attributes, computational overhead, and storage overhead is performed. The results show that the proposed identity authentication mechanism can resist various malicious attacks, achieve highly secure distributed IoT identity authentication, and has certain advantages in performance.

Keywords: Blockchain; IoT; Distributed; Identity Authentication; Cryptography

Citation Format:

Chen Shipeng, Chen Bin, et al. Blockchain-Based IoT Architecture[J]. Journal of Internet of Things, 2020, 4(2): 78-83

CHEN S P, CHEN B, et al. Blockchain-Based IoT Architecture[J]. Chinese Journal on Internet of Things, 2020, 4(2): 78-83

1 Introduction

The Internet of Things (IoT) is considered the third wave of the information industry revolution following the Internet era. IoT technology relies on the Internet environment to connect various terminal devices, forming a massive network of interconnected objects. With the development of information technology, IoT technology has gradually penetrated various aspects of people’s lives.
The IoT hierarchical structure can be divided into three layers from bottom to top: the perception layer, the network layer, and the application layer. The security and scalability problems of this traditional structure are mainly reflected in the following three aspects.
1) Potential single point of failure and scalability issues caused by centralized structure
Traditional IoT architectures adopt a client-server (C-S) centralized communication model, where IoT devices interact through a central server. Once the central server fails, all IoT devices relying on it will be unable to operate normally. Meanwhile, as the number of IoT devices increases, the amount of data the central server needs to process will also surge, leading to scalability issues.
2) Data privacy and security issues of IoT devices
The current IoT architecture adopts a centralized model, where all IoT devices rely on a central server for data aggregation. If the security of the central server is not guaranteed, node data may be at risk of leakage.
3) Limited resources of IoT devices, making them easy targets for hackers to use as distributed denial-of-service (DDoS) attack tools
IoT devices primarily provide lightweight services such as data collection and transmission. Their limited computational and storage capabilities make it difficult for them to meet complex security requirements, leaving them vulnerable to network attacks and frequently used by hackers as tools for DDoS attacks.
From the above analysis, it can be seen that the security and scalability issues of large-scale IoT networks are mainly constrained by the traditional Internet C-S centralized communication model.
The centralized C-S structure of traditional IoT and the blockchain-based distributed IoT structure are shown in Figure 1. The traditional IoT structure relies on the existing Internet environment and depends on a central server for data exchange between devices. Blockchain technology, by contrast, integrates distributed systems, hash algorithms, Merkle trees, digital signatures, P2P networks and incentive mechanisms to reach consensus in a distributed system over an asynchronous public network where the type and number of hosts are unrestricted, guaranteeing the immutability and uniqueness of digital information in that system. Its decentralized processing guarantees the scalability and security of the network. In recent years, introducing blockchain technology to solve IoT security issues has attracted the attention of researchers.
However, two issues need to be addressed in the process of introducing blockchain technology into IoT: 1) Due to resource constraints of IoT devices, most devices only have data collection capabilities and lack the ability to store complete blockchain ledgers, making them unable to act as nodes in the blockchain; 2) As the number of devices grows exponentially, the amount of data recorded by IoT devices will also increase significantly, and storing data directly on the blockchain will reduce the number of nodes that can completely store the ledger, which will weaken the security of the decentralized system architecture. Therefore, this paper proposes an IoT architecture that uses blockchain as an intermediary layer, leveraging the decentralized, trustless, and data-encrypted transmission characteristics of blockchain to provide a reliable network environment for IoT, while providing a solution that combines on-chain verification with off-chain cloud storage services to address data storage issues.
Figure 1 Centralized C-S structure of traditional IoT and distributed IoT structure based on blockchain

2 Blockchain-Based IoT Architecture

2.1 Network Model

This paper improves the three-layer architecture of traditional IoT, and the blockchain-based IoT hierarchical structure is shown in Figure 2. A blockchain layer is added on top of the traditional network layer, which serves to provide privacy and security for data using encryption technology from the blockchain, eliminating the need for a central server and converting the traditional C-S centralized communication model of IoT into a distributed P2P model, providing a reliable network environment for the upper application layer.
Figure 2 Blockchain-Based IoT Hierarchical Structure
This paper takes smart communities as the research scenario, and the entity structure model of the smart community is shown in Figure 3, mainly consisting of four parts.
1) IoT devices: Referring to sensors, monitoring devices, and personal devices, responsible for data collection and information exchange with nodes.
2) Household nodes: Personal computers and other smart devices in households act as nodes in the blockchain network to connect to the public blockchain network and serve as intermediaries between household IoT devices and the blockchain network.
3) Public gateway nodes: Gateway nodes relied upon by public IoT devices, also acting as nodes in the blockchain network, operated by community property management, recording data collected by internal terminal devices.
4) Cloud storage service nodes: Connected to the blockchain network, providing on-chain permission verification and off-chain storage services.
Among them, household nodes, public gateway nodes, and cloud storage service nodes can connect to the blockchain network via the Internet, while IoT devices rely on gateway nodes for on-chain information exchange.
Figure 3 Entity structure model of smart community

2.2 Public Blockchain Records Device Permissions

IoT devices continuously generate large amounts of data, and storing that data directly on-chain is unrealistic. A feasible solution is an off-chain cloud storage service based on on-chain verification, which is analyzed in detail in Section 3. Accordingly, the blocks in the public blockchain record only the permission token status and smart contracts of the various devices, not the data the IoT devices generate.
Permission tokens serve as trusted credentials for devices on the chain, indicating different devices’ permissions and their holders. Recording device permissions on-chain can ensure the immutability and verifiability of permission records. Nodes can customize control over corresponding devices by verifying permission tokens and executing corresponding smart contracts, while cloud storage services perform encrypted transmission and storage of off-chain data using the permission tokens verified on-chain. The functions of this blockchain network include permission token generation, permission token transfer, and permission token destruction.
1) Permission token generation
When adding new IoT devices to the blockchain network, a permission token generation transaction is required. Once this transaction is published on the chain, all nodes in the blockchain can verify the corresponding device’s permissions and its holder (household node or public gateway node). Nodes with permission for that device can control it.
For example, when household node A puts IoT device M on-chain, the permission token generation transaction is shown in Figure 4. The input of this token transaction is set to empty, and the output is the public key address of node A (address A), while containing fields such as device information, permissions, and permission holders, signed with node A’s private key (Signature A). Once this transaction is packed into a block, nodes in the network can verify the signature using the output address address A to determine that the device’s control belongs to A.
Figure 4 Permission token generation transaction
2) Permission token transfer
When it is necessary to transfer device permissions to other nodes, such as when a hotel temporarily hands over control of internal devices to guests, nodes can generate a token transaction for short-term or permanent permission transfer. For example, when node A transfers the permission of IoT device M to node B, the permission token transfer transaction is shown in Figure 5. The permission transfer process is the token transaction process, where the input points to the last token transaction Tx1 that contains the address of IoT device M, and the output is the public key address of the new control node B (address B). The permission field can be set to the read/write permissions granted during the transfer, and an expiration time field can be set to limit the usage duration of the permission, typically using block height as the time reference. If it is necessary to change the gateway node of the IoT device, the permission holder can also be permanently converted. Finally, this transaction is signed with node A’s private key and published on-chain.
3) Permission token destruction
If an IoT device leaves the network due to failure or other reasons, a token transfer transaction with the output address being a black hole address can be used to achieve this.
Figure 5 Permission token transfer transaction

2.3 Device Control Method Based on Smart Contracts

This paper’s device control mainly takes the autonomous coordination of smart devices within households as an example. IoT devices connect to household gateways via wireless or wired methods, with household gateways acting as nodes in the public blockchain network, recording and monitoring state changes on the blockchain.
Based on the records of device permission tokens on-chain, intelligent operations within households are completed by executing smart contracts published on the blockchain. The gateway node listens for state changes in the smart contract and executes control instructions for the specified IoT devices according to the state changes to achieve remote control of the devices.
As an example, consider node A controlling the switch of television Q within the household.
Step 1 Smart Contract Release
Node A first publishes a smart contract for the television switch, writing the corresponding permission verification strategy (access strategy) into the contract; the strategy is a function within the contract that verifies whether the contract caller meets the permission conditions. The smart contract is shown in Figure 6. In this case, the permission holder (owner) is taken from the token generation transaction (Txgenerate Q) of television Q and recorded in the contract, and the permission verification strategy must check whether the address of the contract caller is the owner. Upon successful publication, the contract is recorded as a transaction in the blockchain network and its contract address address C is returned, and the household gateway node continuously listens for changes in the switch state (state).
Figure 6 Smart Contract
Step 2 Smart Contract Execution
When node A operates the switch of television Q, from any place and at any time, it connects to the blockchain and initiates a contract call. Contract execution is shown in Figure 7: node A calls the open function at contract address address C, and the contract internally verifies through the access strategy whether the requesting node has permission to execute that function. Upon successful verification, the open function executes and changes the switch state; the household gateway node detects the switch-state-change event and turns on television Q.
Figure 7 Contract Execution
This paper simulates the smart community based on the Ethereum platform, utilizing Geth to build a private chain environment, developing permission tokens based on the Ethereum ERC20 protocol, simulating community gateway nodes using multiple Raspberry Pis and computer hosts, and using a light bulb connected to a Raspberry Pi to simulate IoT devices, controlling them through the deployment of Ethereum smart contracts.

3 Off-Chain Cloud Storage Services

Blockchain technology is a distributed storage technology that backs up on-chain data across multiple nodes, making it unsuitable for the large data storage of IoT devices. Therefore, this paper provides secure off-chain cloud storage services for blockchain-based IoT to reduce the storage costs of blockchain, while providing access control for off-chain data read/write operations through the tamper-proof permission verification mechanism offered on-chain.

3.1 Cloud Storage Service Smart Contract Generation

The cloud storage subscription contract published by the cloud storage service operator is shown in Figure 8, which has the following three main functions: applying for storage space, read requests, and write requests. The contract internally writes permission verification strategies to avoid malicious read/write requests, in this case verifying whether the requesting node exists in the node list (List).
Figure 8 Cloud Storage Subscription Contract

3.2 Cloud Storage Space Application

The operation for nodes to apply for cloud storage space is as follows.
1) The requesting node pays a certain amount of money to the contract account according to the size of the space being applied for (num) to call the contract to apply for storage space.
2) Once the smart contract receives the request and confirms that the amount meets the requirements, the contract executes the space_alloc function to add the requesting node’s address to the List and grants the corresponding node storage space and read/write permissions.

3.3 Requesting Cloud Storage Service Read/Write Operations

The process for nodes to request read/write operations from the cloud storage service consists of the following steps.
1) The requesting node calls the contract read/write operation through the cloud storage service’s smart contract address, and the contract internally checks whether the requesting node is included in the List and whether it has the corresponding permissions for the requested operation. If so, it executes and returns the connection information (Info) for the cloud storage service off-chain.
2) The requesting node receives the returned Info, connects with the cloud storage service off-chain, submits a new read/write request, and uses its private key for signing and sending.
3) Upon receiving the read/write request, the cloud storage service first verifies the signature using the requesting node’s public key, then checks whether the requesting node’s public key is recorded in the contract’s List and whether it holds permission for the requested operation. If verification succeeds, the service generates a symmetric key s, encrypts it with the requesting node’s public key, and returns it.
4) The requesting node decrypts the symmetric key s, and then interacts with the cloud storage service for information exchange and data reading off-chain using the symmetric key s.
The workflow for cloud storage service read/write operations is shown in Figure 9, providing the functionality of transferring on-chain permission control to off-chain cloud storage services, while choosing encryption technologies to ensure the security of off-chain data transmission.
Figure 9 Cloud Storage Service Read/Write Operation Workflow

4 Conclusion

The decentralized, autonomous, and trustless characteristics of blockchain make it an ideal component for IoT solutions. This paper presents a design method for blockchain applications in smart community IoT, allowing IoT to leverage the distributed characteristics of blockchain to enhance scalability and security. Additionally, on-chain authorization and off-chain storage methods for data are designed to ensure the practicality of this method.

About the Authors

Chen Shipeng (1996-), male, master’s student at Shenzhen University, main research direction is blockchain consensus technology and smart contracts.
Chen Bin (1975-), male, PhD, associate professor and master’s supervisor at Shenzhen University, main research direction is blockchain consensus mechanisms and smart contract security mechanisms, applications of deep reinforcement learning in cloud computing network optimization, etc. E-mail: [email protected].
Dai Mingjun (1982-), male, PhD, associate professor at Shenzhen University, main research direction is network coding, cooperative communication, software-defined networks, etc.
Wang Hui (1969-), male, PhD, professor and doctoral supervisor at Shenzhen University, main research direction is blockchain, wireless networks, etc.
